Resume

Cyber Security Incident Response Manager

PROFESSIONAL EXPERIENCE:

Confidential

Cyber Security Incident Response Manager

Responsibilities:

  • Build Incident Response program, manage daily Cyber Security incidents across the enterprise
  • Cyber Security service request management to meet SLAs and provide high levels of service
  • Manage and develop content for QRadar SIEM to identify incidents of compromise
  • Build out Cyber Defense organization, work with tools such as Forescout, Darktrace, Varonis, JASK, Sqrrl
  • Train staff on Cyber hunting, develop process, procedure, standards and RACI matrices for Cyber Operations
  • Information security tools performance management and enhancement
  • Build threat intelligence capability and integrate 200+ threat intelligence feeds supporting STIX/TAXII; integrate with security controls, enhance investigations and build threat connections to external partners
  • Malware analysis, training and mentoring, employee investigations, Blue Team exercise development
  • System forensics using EnCase Enterprise, EnCase Cyber and EnCase Analytics, Threat Management, McAfee ePO TIE
  • Develop alternative big data solutions to existing SIEM platform, Imperva WAF and DAM policy tuning

Confidential

ArcSight Content Developer

Responsibilities:

  • Train, mentor and manage Counter Threat, Deep Dive Analysts, Forensic Investigators, SOC Analysts and Cyber Hunters. Work war rooms to respond to and manage Cyber incidents, develop Cyber remediation plans
  • Acquire, process, analyze and report on forensic images using tools such as FTK, ProDiscover, Autopsy, SIFT, DEFT; extensive use of EnCase Enterprise, EnCase Analytics, EnCase Cyber Security
  • Malware analysis, reverse analysis with tools such as OllyDbg, Volatility, MAS, Cuckoo, Viper, IRMA, Joe
  • SIEM content developer for RSA, AlienVault, ArcSight, providing content for investigators and business lines
  • Stand up SIEMs in other countries and acquired entities, HP Logger to Hadoop data lake mining
  • Prove incidents of compromise, supporting 225,000 workstations for a $155 billion company
  • Tune enterprise Information Security controls to provide meaningful value, increase control and content
  • Cisco, Check Point, Palo Alto firewall rule auditing, assessment and security posture improvement as part of the Information Security Advancement group. Map business flows to security exceptions
  • Build process flows and document Cyber Security Operations, obtain buy-in on roles and responsibilities
  • Work with tools such as FireEye, Damballa, Guardium, CyberArk, CyberArk Privileged Threat Analytics, SEP, Palo Alto, Check Point, Cisco ASA, F5 ASM, Imperva WAF, Lancope StealthWatch, Brightmail, IronPort, Blue Coat
  • Collect and process threat intelligence, disseminate to external business partners, integrate into workflow, collect with TAXII/STIX compatible platforms such as MISP, Soltra Edge, HP Threat Central
  • Work with acquired companies and external business partners to resolve Cyber incidents
  • Build virtualized labs to identify and detect malicious activity to enhance toolsets and detection
  • Build proofs of concept and develop security strategies, manage offshore staff, predictive security analytics
  • Red Team / Blue Team exercises with post-mortem remediation efforts and lessons learned
  • Stand up SOC, train staff, develop procedures and integrate with other Cyber Defense business units

Confidential

ArcSight Content Developer

Responsibilities:

  • Develop advanced SIEM content to detect policy violations and data breaches and support NERC CIP initiatives
  • Manage breach investigations, work with internal and external teams
  • Baseline network and security incidents and build advanced correlation rules
  • Map out business data flows and establish patterns of interest
  • Train Dominion Cyber investigators, Palo Alto firewall rule validation and baselining
  • Develop threat management metrics to reduce attack surface and mitigate risk
  • Malware analysis

Confidential

Vice President Information Security

Responsibilities:

  • Responsible for Confidential compliance for a Level 1 payment processor ($40bn yearly), manage TR-39 compliance
  • Hire, train and retain Information and Network Security staff
  • Develop and implement business continuity program and Incident Response
  • Develop and document security daily operations, direct investigations and manage incidents
  • Develop Imperva web application firewall policies, develop QRadar SIEM content
  • Review and investigate compromised devices, SSAE 16 compliance standards
  • Build Incident Response program, implement security program, Cisco UCS design and data center migration
  • Physical security management, develop and review network and security architecture
  • Worked with stakeholders to ensure strategic security decisions and technologies enhanced business processes

Confidential

Security Architect

Responsibilities:

  • Extensive work with ArcSight, QRadar, RSA Security Analytics, AlienVault, Splunk, LogRhythm at 15k-300k EPS
  • Working in client environments ranging from 5k-250k end users and 1k-40k cross-platform servers
  • Develop advanced SIEM content to detect policy violations and data breaches
  • Built threat intelligence and information sharing platforms using STIX, CybOX, TAXII
  • Deploy and manage multiple global sensors to collect threat intelligence
  • Deploy and manage deep packet engines such as RSA NetWitness, Solera Networks, SilentRunner
  • Deploy, use and manage case management tools for investigation tracking and reporting
  • Deploy Vontu, McAfee and RSA Data Loss Prevention systems, develop DLP policies and SIEM content
  • Deploy SSL decryption technologies in proxy or pass-through mode
  • Manage breach investigations, work with internal and external legal support teams and law enforcement
  • Perform forensic imaging of laptops, desktops, servers, phones and tablets and produce reports of findings
  • Perform memory and image analysis to identify malware and malicious code
  • Review and negotiate legal contracts, develop corporate policy, standards and procedures
  • Develop security architectures, project plans and implementation plans for global technology deployments
  • Deploy malware platforms and repositories such as VxCage, Maltrieve, Cuckoo, FireEye, Bromium, Damballa, Lastline, Cyvera, Invincea and Trusteer
  • Deploy endpoint solutions such as Symantec or McAfee ePO for antivirus, endpoint encryption and DLP
  • Deploy Imperva and F5 ASM web application firewalls and database activity monitoring solutions
  • Deploy Network Access Control (Confidential) Forescout/Cisco/Aruba to manage guest networks and rogue connections
  • Manage Confidential, SOX, HIPAA, FTC, GLBA and NERC CIP compliance mandates, gather evidence and maintain compliance
  • Develop and implement enterprise vulnerability management solutions with nCircle and Qualys
  • Develop Computer Security Incident Response programs to detect and manage global incidents
  • Architect, deploy and tune IPS solutions such as Palo Alto, Sourcefire, TippingPoint, IBM Proventia
  • Deploy other security controls such as Bit9 and Tripwire as mitigating controls identified during risk assessment
  • Develop network architectures and migrate routing protocols, re-architect DMZ networks and core networks, and perform migrations to Cisco Nexus and Cisco UCS platforms
  • Build network zoning and defense-in-depth security architectures
  • Perform packet-level inspection by tapping networks and utilize tools such as GigaStor, Sniffer, Wireshark, AirShark, AirDefense, NetScout and Lancope to troubleshoot network issues or support forensic investigations
  • Build application performance monitoring to identify slowdowns and service outages
  • Develop and deliver detailed flow diagrams, develop operational procedures, policies, risk analysis and gap analysis
  • Program-manage the enterprise to develop, test and implement business continuity plans
  • Build out security operations centers, interview staff, develop escalation procedures and ticketing system
  • Trained onshore and offshore staff, developed career progression plans and mentored staff
  • Perform daily Cyber Security investigations, hands-on with tools and processes
  • Built custom logging, data mining and monitoring solution based on Hadoop
  • Perform pentesting and application security scanning and analysis for a diverse client base
  • Acquire, process and report on forensic images with EnCase, FTK, ProDiscover, Gargoyle, Autopsy, SIFT, DEFT
  • Deploy threat management program to identify incident trends, control failures and remediation plans
  • Migrate Check Point, Cisco ASA and Juniper firewalls to Palo Alto firewalls
  • Build and manage enterprise lockdown projects and security enhancement projects
  • Deploy and implement Google Rapid Response into the workflow
  • Develop metrics and trends to measure performance and cost effectiveness of security services
  • Monitor end user activity with fraud and user-based analytics for access to PII, PHI and Confidential information
  • Drive “Confidential” remediation road map, build burn-down lists and drive to completion

Confidential

Risk Management Consultant

Responsibilities:

  • Educate and mentor permanent and contract staff on Confidential compliance program objectives
  • Develop and deliver implementation project plans for global technology deployments
  • Develop and deliver risk impact statements, risk assessments and reports of findings
  • Develop and deploy security controls to meet Confidential compliance mandate
  • Deploy proxy solutions globally, deploy and manage Kazeon e-discovery solution
  • Architect, deploy and tune IBM Proventia Intrusion Prevention appliances globally
  • Perform data flow mapping to identify regulated data flows
  • Deploy Data Loss Prevention solution to monitor use of sensitive data, perform e-discovery and legal holds
  • Perform incident response and investigations based on RSA enVision SIEM use cases
  • Architect and deploy secure file transfer solutions
  • Virtualize systems with VMware, perform P2V and vShield configurations
  • Global firewall migrations on Cisco, Check Point and Nokia appliances
  • Network architecture design, troubleshooting and deployment
  • Policy, standards and procedure development, train and mentor staff on compliance requirements
  • Produce technical Visio documents containing security and network infrastructure diagrams
  • Deploy optical DWDM solutions for high availability networks
  • Application penetration testing and source code analysis (Ounce Labs, Fortify, WebInspect)
  • Perform Confidential activities in risk management and compliance group
  • Deploy and configure Cisco routers, switches, Confidential based switches, MDS platforms, firewalls and Cisco load balancers; troubleshoot layer 2, layer 3 and routing protocols
  • Interview and screen contractors and permanent staff
  • Deploy, manage and onboard applications for 30 Imperva web application firewalls globally

Confidential, Albany, NY

Security Architect

Responsibilities:

  • Develop policy, procedure and technical controls to move security projects forward within the State of NY
  • Deploy open source SIEM for event correlation
  • Deploy security controls such as IPS, firewalls and RSA two-factor authentication

Confidential

Information Assurance Network Engineer Manager

Responsibilities:

  • Worked closely with senior military leadership for all Confidential efforts in the Middle East theatre of operation
  • Weekly briefings to senior military leaders on security incidents and Cyber Operations
  • Led team of Information Assurance (IA) network security engineers at diverse locations throughout the Middle East
  • Worked with IA managers to become compliant with DISA security standards and STIGs
  • Developed detailed documentation and performed security testing for DISA certification and accreditation
  • Deployed and supported all ASA, PIX, Secure Computing Sidewinder and Symantec firewalls in Iraq, Afghanistan and Kuwait
  • Troubleshoot routers, switches, routing protocols, load balancers, VoIP and LAN/WAN circuits consisting of Frame Relay, SONET, MPLS and ISDN; troubleshoot VPN, QoS and routing protocols such as OSPF, EIGRP, BGP and multicast networks
  • Deploy Cisco routers, switches, firewalls, content switches and VBrick multicasting solutions in a 220,000 user endpoint multi-country WAN infrastructure
  • Support IDS appliances and work with Kuwait TNOSC on ArcSight SIEM events
  • Security monitoring on MNC, NIPR and SIPR classified networks

Confidential, Hartford, CT

Program Manager

Responsibilities:

  • Developed agency Confidential program and gained executive acceptance
  • First State agency to become compliant with Confidential mandates for Confidential
  • Deployed wireless network statewide to achieve cost savings by eliminating point-to-point circuits
  • Business continuity program for continued care at State hospitals in the event of a declared disaster
  • Deployed centralized HIDS, Confidential and antivirus management solution to reduce virus infections and security incidents by 95%, freeing up two Confidential's for other project work
  • Performed malware identification, analysis and remediation
  • Implemented patching and vulnerability process
  • Configured, deployed and supported Cisco routers and switches for wired and wireless networks statewide
  • Deployed identity management and single sign-on solution
  • Monitored State networks with Confidential SiteProtector IDS system
  • Train and mentor agency staff
  • Developed project plans, operational manuals, procedures and response plans

Confidential, Pittsburgh, MA

Principal Consultant

Responsibilities:

  • Trained and educated hospital executive management on HIPAA compliance mandates
  • Project management, security strategy development, assessments, gap analysis and remediation
  • Developed and deployed technical and procedural controls, developed security and network architectures
  • Troubleshoot networks and systems, deploy single sign-on solutions and identity management
  • Deploy Dragon and Snort IDS systems, web application security testing using Cenzic for regulated systems
  • Implemented vulnerability management program, workstation forensics
  • Support client during network outages to resolve complex routing or network issues

Confidential, Minneapolis, MN

Chief Technology Officer

Responsibilities:

  • Worked closely with the CEO and CFO to overcome funding challenges for Internet startup
  • Designed and implemented Internet data center, developed and implemented network infrastructure design
  • Worked closely with contractors to build out and commission data center
  • Developed company security and network strategy and drove budget process
  • Implemented security strategy to ensure zero security incidents for hosted customer environments
  • Maintained VoIP hosted solution, developed and managed Incident Response program
  • Design and deploy LAN/WAN/MPLS networks, troubleshoot routing protocols (BGP, OSPF, RIP, EIGRP), deploy routers, switches, load balancers and security appliances
  • Deploy and support IDS/IPS solutions, mitigate Confidential attacks, deploy PIX, ASA, Sidewinder, Check Point and Smoothwall firewalls. Support servers and operating systems
  • Configure reverse proxies and load balancers, 3rd-level support for hosted client solutions
  • Deploy SIEM platform for event correlation and logging
  • Deploy application and network monitoring
  • Build highly available and scalable systems platforms
  • Forensic investigations to support intellectual property claims
  • Managed 24 indirect reports, 3 direct reports
  • Develop physical security program for secure data center